CVE-2026-30968

Source
https://cve.org/CVERecord?id=CVE-2026-30968
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30968.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-30968
Aliases
  • GHSA-2rj5-3pgm-xqw9
Published
2026-03-10T17:24:11.604Z
Modified
2026-04-02T13:24:00.703929Z
Severity
  • 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
Coral Server has insufficient validation of agent identity for SSE connections
Details

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, the SSE endpoint (/sse/v1/...) in Coral Server did not strongly validate that a connecting agent was a legitimate participant in the session. This could theoretically allow unauthorized message injection or observation. This vulnerability is fixed in 1.1.0.

Database specific
{
    "cwe_ids": [
        "CWE-862"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30968.json",
    "cna_assigner": "GitHub_M"
}
Affected packages

Git / github.com/Coral-Protocol/coral-server

Affected ranges

Type
GIT
Repo
https://github.com/Coral-Protocol/coral-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.1.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/coral-protocol/coral-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other
stabletutorial
v0
v1.*
v1.0.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30968.json"